Role Directory

A role is a set of authorized operations on specific types of resources.

Roles are assigned within permissions, the role applies to the access area specified in the permission, for more information see Access Control in Servercore Products.

Some roles may only be assigned to a specific access area, and may have a different set of managed resources in different access areas.

member⁠

User with full access to all services.Unavailable access control: users, service users, user groups, federations.

Access areas	Account; project
Who can be prescribed	Users; to service users; user groups
Available operations and resources	In the Account access area: management of projects, their limits and quotas; billing management; resource management across all projects; management of resources outside of projects.
	In the access area Project: management of the resources of the selected project.

billing⁠

User with access to billing management and without access to service management.

Access areas	Account
Who can be prescribed	Users; to service users; user groups
Available operations and resources	Billing Management: replenishment of balance and transfer of funds between balances; management of auto-account, monthly payments, payment deferrals; balance notification management; bank card management; viewing of reporting documents; managing the affiliate program and withdrawal of funds; view connected services and service statuses.

iam_admin⁠

User with access to user management and without access to services and billing.Cannot manage his account: change permissions, manage notifications, delete user.The first user with the iam_admin role is created by the Account Owner.

Access areas	Account
Who can be prescribed	Users; to service users; user groups
Available operations and resources	Manage users, service users, user groups and federations; issuing keys to users; manage notifications from other users; setting account access restrictions

reader⁠

A user with access to view everything he controls member in the same access area.

Access areas	Account; project
Who can be prescribed	Users; to service users; user groups
Available operations and resources	In the Account access area: View resources in all projects, as well as resources that are not attached to a project; view the settings of all projects, their limits and quotas; viewing of billing data (balance, bank cards, report documents, partner program, etc.)
	In the access area Project: view the resources of the selected project

object_storage:admin⁠

A user with full access to S3 management within a project.Does not have access to S3 in other projects or other products in their project.Read more in the Manage Access in S3 instructions.

Access areas	project
Who can be prescribed	Service Users; user groups
Available operations and resources	View the list of bucket list in the project; viewing the contents of the bins; management of objects in the baquette (loading, modification, deletion, etc.); changing the settings of the baquettes; configuring the bucket access policy

object_storage_user⁠

A user with access to the S3 bucket if an access policy is configured in  the bucket that allows access to the bucket for that user, more details in the Manage Access in S3 instructions .The level of access is determined by the access policy settings.Does not have access to S3 in other projects and other products in his project.

Access areas	project
Who can be prescribed	Service Users; user groups
Available operations and resources	View the list of bucket list in the project; operations in the buckets that are allowed by the access policy.

mobile_farm_admin⁠

User with full access to manage the mobile farm in their project.Does not have access to the mobile farm in other projects and other products in their project.Read more in the Manage Access to Mobile Farm instructions.

Access areas	project
Who can be prescribed	Users; to service users; user groups
Available operations and resources	View mobile farm consumption; Adding and removing mobile farm devices; utilization of mobile farm devices; mobile farm tariff change; adding ADB keys to your profile

mobile_farm_user⁠

User with access to use Mobile Farm devices in their project.Does not have access to Mobile Farm in other projects and other products in their project.More information in the Manage Mobile Farm Access instructions.

Access areas	project
Who can be prescribed	Users; to service users; user groups
Available operations and resources	View mobile farm consumption; utilization of mobile farm devices; adding ADB keys to your profile

mobile_farm_viewer⁠

User with access to view devices and consume the mobile farm in their project.Does not have access to the mobile farm in other projects and other products in their project.Read more in the Manage Mobile Farm Access instructions.

Access areas	project
Who can be prescribed	Users; to service users; user groups
Available operations and resources	View mobile farm consumption; Mobile Farm Device Viewer; adding ADB keys to your profile